# An IRC client daemon
{ config, lib, ... }:
let
  # This module's own option values (declared under options.my.services.quassel).
  cfg = config.my.services.quassel;
  # Host domain; used below to look up the matching ACME certificate directory.
  inherit (config.networking) domain;
in
{
  options.my.services.quassel = {
    # Master switch: the `config` section of this module is wrapped in
    # `lib.mkIf cfg.enable`, so nothing is applied unless this is set.
    enable = lib.mkEnableOption "Quassel IRC client daemon";

    # TCP port the core listens on. The same value is opened in the host
    # firewall by this module, so choosing a port also chooses what is exposed.
    port = lib.mkOption {
      type = lib.types.port;
      default = 4242;
      example = 8080;
      description = "The port number for Quassel";
    };
  };

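  config = lib.mkIf cfg.enable {
    services.quassel = {
      enable = true;
      portNumber = cfg.port;
      # Reject unencrypted client connections: the listener below is bound to
      # every IPv4 address and its port is opened in the firewall.
      requireSSL = true;
      # Certificate file handed to the core, taken from the ACME certificate
      # directory for the host's domain.
      # NOTE(review): full.pem presumably bundles the private key with the
      # chain -- confirm, and treat read access to it as access to the key.
      certificateFile = config.security.acme.certs."${domain}".directory + "/full.pem";
      # The whole point *is* to connect from other clients, so listen on all
      # IPv4 addresses rather than on loopback only.
      interfaces = [ "0.0.0.0" ];
    };

    # Allow Quassel to read the certificates.
    # NOTE(review): membership in `acme` is broader than this one certificate;
    # it presumably grants read access to every certificate directory owned by
    # that group -- confirm which certificates use it.
    users.groups.acme.members = [ "quassel" ];

    # Open the core's port in the host firewall.
    networking.firewall.allowedTCPPorts = [ cfg.port ];

    # Create storage DB
    services.postgresql = {
      enable = true;
      ensureDatabases = [ "quassel" ];
      ensureUsers = [
        {
          name = "quassel";
          # NOTE(review): newer NixOS releases replace `ensurePermissions` with
          # `ensureDBOwnership`; confirm against the release this module targets.
          ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
        }
      ];
      # Insecure, and accepted as such by the author: Quassel does not use the
      # unix socket, so its TCP connection from loopback is simply trusted.
      # Known risk: `trust` lets any local user or process that can reach
      # PostgreSQL on loopback log in as `quassel` without a password and read
      # or modify the whole Quassel database. Switching the method to
      # `scram-sha-256` also requires a password in Quassel's backend settings.
      # The loopback addresses are spelled out so that rule matching does not
      # depend on how the name `localhost` resolves.
      authentication = ''
        host quassel quassel 127.0.0.1/32 trust
        host quassel quassel ::1/128 trust
      '';
    };
  };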
}